BlackHat EU’13: Are You Playing Sandbox Roulette?

This week my colleague Rafal and I had fun presenting our latest research on sandboxing, @BlackHat EU, in Amsterdam. We showed how to bypass popular application sandboxes on Windows viz: Sandboxie, BufferZone Pro, Google Chrome and Adobe ReaderX. This is a fun game in general, but we played it a bit differently: We did not spend any time trying to find vulnerabilities in the sandbox implementation. That’s the usual approach, with a different attack surface, and a lot of our fellow security researchers play it regularly (mostly for fun and sometimes for profit). Our approach was focused on leveraging Windows OS kernel vulnerabilities to bypass the sandbox to gain complete control of the system, including the sandbox. We argue that we can compromise any sandboxed application, no matter how good the sandbox architecture or implementation. Several of the sandbox vendors that we notified about the vulnerabilities we discovered were a bit smug, offering us “good luck for the talk” (perhaps implying that we would fail or that they didn’t care, and one did not even bother to respond).

In case you missed the talk (yeah just to avoid the Dutch winter), the summary of the talk is:

– Application sandboxes have a fundamental architectural limitation, they cannot reliably protect against vulnerabilities in the underlying Operating System. So your application sandbox is as secure as the next upcoming kernel advisory from Microsoft.

– Attackers are getting sophisticated; kernel vulns are getting more prevalent. Just last month there were 30 kernel mode vulns patched, ok ok… it might be a slight deviation in the curve, but in 2012 itself there were 25 kernel patches from Microsoft. Kernel interfaces are a huge attack surface and it’s getting interesting there.

Sandboxing is not bad, it’s definitely useful. But, as we just demonstrated, it’s not a useful enough approach to be able to tackle the emerging threat vectors. Last week’s pwn2own contest at Cansecwest conference seems to have used a kernel OS exploit to bypass the sandbox, we don’t have full details yet, but it looks like a neat escape.

Recommendation: Run an application sandbox inside a VM environment – especially if you are a malware pro or an enterprise that cares about its IP. You don’t want be the innocent victim of next Duqu equivalent kernel zero day malware.